Cyware Daily Threat Intelligence May 15, 2018

Top Malware Reported in the Last 24 Hours
UPnP protocol
The Universal Plug and Play (UPnP) protocol is being abused by cyber criminals to redirect traffic to another IP address. Attackers can also chain compromised devices into a network of proxies that bounce traffic through tens or hundreds of IPs. The technique can be used while launching DDoS attacks for the purpose of masking the source port.
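A defender-side check for the abuse described above, written for this digest as an added example (it is not Cyware's code): a router abused as a traffic redirector carries UPnP IGD port mappings whose internal client is an Internet address rather than a LAN host. The script parses GetGenericPortMappingEntry responses from the WANIPConnection service (the field names are the real IGD ones; the two SOAP responses and their addresses are constructed, with 203.0.113.45 taken from the documentation range) and flags any mapping that forwards to a non-RFC 1918 address.

```python
import ipaddress
import xml.etree.ElementTree as ET
from dataclasses import dataclass

# Address ranges that a legitimate internal client on a home or office LAN
# should fall into. Anything else means the router is forwarding traffic
# back out to the Internet, which is the proxy pattern described above.
LAN_NETWORKS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16",
)]


@dataclass
class PortMapping:
    external_port: int
    protocol: str
    internal_client: str
    internal_port: int
    description: str


def parse_mapping(soap_xml: str) -> PortMapping:
    """Extract one mapping from a GetGenericPortMappingEntryResponse body."""
    root = ET.fromstring(soap_xml)
    fields = {}
    for el in root.iter():
        local = el.tag.split("}", 1)[-1]  # drop any namespace prefix
        if local.startswith("New"):
            fields[local] = (el.text or "").strip()
    return PortMapping(
        external_port=int(fields["NewExternalPort"]),
        protocol=fields["NewProtocol"],
        internal_client=fields["NewInternalClient"],
        internal_port=int(fields["NewInternalPort"]),
        description=fields["NewPortMappingDescription"],
    )


def is_lan_address(ip: str) -> bool:
    """True only for addresses a router should ever forward to internally."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in LAN_NETWORKS)


def audit_mappings(soap_responses):
    """Return (mapping, reason) for every mapping that points outside the LAN."""
    findings = []
    for xml_text in soap_responses:
        m = parse_mapping(xml_text)
        if not is_lan_address(m.internal_client):
            findings.append((m, "internal client is not a LAN address"))
    return findings


def _response(ext_port, proto, int_port, client, desc):
    # Builds a constructed SOAP response in the IGD WANIPConnection format.
    return f"""<?xml version="1.0"?>
<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">
<s:Body>
<u:GetGenericPortMappingEntryResponse xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1">
<NewRemoteHost></NewRemoteHost>
<NewExternalPort>{ext_port}</NewExternalPort>
<NewProtocol>{proto}</NewProtocol>
<NewInternalPort>{int_port}</NewInternalPort>
<NewInternalClient>{client}</NewInternalClient>
<NewEnabled>1</NewEnabled>
<NewPortMappingDescription>{desc}</NewPortMappingDescription>
<NewLeaseDuration>0</NewLeaseDuration>
</u:GetGenericPortMappingEntryResponse>
</s:Body>
</s:Envelope>"""


# Constructed sample data: one normal mapping to a LAN host, one that
# forwards an external port straight to another Internet address.
SAMPLE_RESPONSES = [
    _response(25565, "TCP", 25565, "192.168.1.50", "game-server"),
    _response(8080, "TCP", 80, "203.0.113.45", "mapping-1"),
]

if __name__ == "__main__":
    for mapping, reason in audit_mappings(SAMPLE_RESPONSES):
        print(f"SUSPICIOUS {mapping.protocol}/{mapping.external_port} -> "
              f"{mapping.internal_client}:{mapping.internal_port} ({reason})")
```

On a real device the responses would come from walking NewPortMappingIndex from 0 upwards until the service returns an error; the check itself is the same, and a single mapping whose internal client is a public address is worth treating as an indicator of compromise rather than a misconfiguration.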

RIG exploit kit delivers Grobios trojan
The RIG exploit kit is being used to deliver the Grobios trojan. Victims visiting the domain latorre[.]com[.]au are redirected to the RIG landing page, where the malware is downloaded. Grobios is also packed with PECompact 2.xx to evade static detection.

FinFisher spyware
Hackers, allegedly working for the Turkish government, attempted to infect a large number of Turkish dissidents and protesters using the FinFisher spyware. Twitter-linked malicious websites were used to trick victims into installing the malware on their phones.

Top Vulnerabilities Reported in the Last 24 Hours
Vulnerability in Signal
The Signal messaging app has been found to be vulnerable to code injection attacks. Exploiting the flaw could allow hackers to execute malicious code on the recipient's system simply by sending a message. The attack requires no user interaction. Patches have already been released to fix this issue.

Samsung released fixes
Samsung is releasing security patches for critical bugs found in its Android handsets as part of its May patch bulletin. Affected models include the Galaxy S9, Note 8 and S8 families. The four vulnerabilities that have been fixed are CVE-2017-13292, CVE-2017-18128, CVE-2017-18146, and CVE-2018-3591.

CVE-2018-8897 exploited by hackers
A new flaw, tracked as CVE-2018-8897, has been discovered that allows an unprivileged user to make the debug exception (#DB) handler run with a user-mode GSBASE. Hackers could exploit this vulnerability to gain arbitrary code execution in Ring 0. The flaw works only on a real host and leads to unsigned code execution with kernel privileges.

Top Breaches Reported in the Last 24 Hours
Rail Europe website breach
The website of Rail Europe has been breached, exposing debit and credit card details. The breach was found to be at least three months old. Hackers stole credit card numbers, expiration dates, and card verification codes. Rail Europe said that it has replaced and rebuilt the compromised system.

Oregon Clinic data breach
The Oregon Clinic recently announced that it has been affected by a data breach that resulted in the exposure of protected health information (PHI). Information such as medical record numbers, diagnosis information, medical conditions, diagnostic tests performed, prescription information and insurance information has been stolen.

World Rugby player details stolen
One of the websites of World Rugby was targeted in a cyber attack. Hackers were able to obtain personal data from thousands of subscribers. First names, email addresses and encrypted passwords of thousands of users, including players and coaches, were stolen. World Rugby has also sent emails to the subscribers warning them of the breach.
